30347721ada00ff06562c37bb83f4c82a582b2eb2224fa9e8cecebdd0c90bbd2 | Triage

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 06:00

Sharing

Report Analysis Logs

General

Target

software-installer.exe
Size

300.4MB
MD5

9262639fb08b4680f2aca0b967fd389a
SHA1

6b32f94d1ceb634220a2f4e2f6db01c13d992cc0
SHA256

9d215743885b4f6d937deb0975c1b4b7a771d2d1c67a958b18f28383756bafc2
SHA512

4869b38bced3c7aa3d011469dd0e0669ad220babca59557a7b711c938d3e07c76eb8c0c082de93ada111893c64b457aaf56da6c10b767c4b2bfdd4e2a6f47568
SSDEEP

49152:8hbt+oCa/FWu0ABFoKHej29j444444444444444444444444444444444444444h:82

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1684	2980	software-installer.exe	28
PID 2980 wrote to memory of 1684	2980	software-installer.exe	28
PID 2980 wrote to memory of 1684	2980	software-installer.exe	28

C:\Users\Admin\AppData\Local\Temp\software-installer.exe
"C:\Users\Admin\AppData\Local\Temp\software-installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2980 -s 520
  2⤵
  PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x000007FEF5BE0000-0x000007FEF65CC000-memory.dmp

Filesize
9.9MB

Download
memory/2980-1-0x000000013FA80000-0x0000000140A80000-memory.dmp

Filesize
16.0MB

Download
memory/2980-2-0x000007FEF5BE0000-0x000007FEF65CC000-memory.dmp

Filesize
9.9MB

Download